This privacy notice is to let you know how companies within the Group will look after your personal data. This includes what you tell us about yourself, what we learn by having you as a customer, and the choices you give us about what marketing information you want us to send you.
Your personal data will be processed by Lighthouse Financial Advice Limited and Lighthouse Advisory ServicesLimited, which are part of Lighthouse Group plc (the “Group”).
This notice explains how we do this and tells you about your privacy rights and how the law protects you.
Data Protection law says that we can only use personal data if we have a proper reason to do so. This includes sharing it outside Lighthouse Group plc. For example (and as described in more detail below) in different scenarios the following reasons may justify our processing of your data:
To fulfil a contract we have with you, or
When it is our legal duty, or
When it is in our legitimate business or commercial interest (provided that our legitimate interest is not overridden by your rights), or
When you consent to it.
1. Information we collect about you
The personal data that we collect from or about you includes the following:
- date of birth
- phone numbers
- recording of calls you make to our advisers
- information about your health where relevant to the products or services that we provide to you
- information about any trade unions you’re a member of in circumstances where you contact us as a result of your trade union membership
- demographic information and other information provided by you
- information about your visit to our website, including technical information about how you access our web services such as your IP address, information about how and when you use our website (products you viewed or searched for, page response times, and length of visits to certain pages).
We may also need to collect data about other people such as your spouse, children or other related parties or third party beneficiaries. Depending on the nature of the data and what we propose to do with it (which will always relate to the service we provide to you or to them), we may require you to provide them with certain information (which may include this policy) or may ask for their consent.
2. How we collect information about you
We may collect information in a variety of ways including:
directly from you when you voluntarily provide this information to us, for example during phone calls, via our website, or at a meeting;
through your browser or device or through our servers;
from other sources, such as: other Group advisers, third party product providers, your other advisers, credit reference agencies, professional introducers, affinity groups, third parties that we purchase your personal data from and other relevant third parties.
3. How we use your personal data, and our justification for doing so
We use your personal data for a variety of purposes related to the services that we provide. From a legal perspective, there are various reasons for doing so. We have set out our uses and our reasons in the table below.
4. Whom we share your personal data with
Some services are provided to our firm or advisers by third parties such as processing business or obtaining compliance or regulatory advice, which warrant the disclosure of more than just your basic contact details. In such cases personal data held by the Group may be disclosed on a confidential basis, and in accordance with relevant data protection law.
Other professional advisers:
Depending on the instructions we receive from you, we may pass your data to other professional advisers to enable us to provide advice most suited to your circumstances. Usually, this would be referrals to accountants, solicitors, tax advisers and sometimes to specialist advisers in the financial and insurance industry if we believe you may benefit from the expertise of such third parties. We, and any third party specialist advisers to whom we introduce you, will pass your data to product providers, lenders and investment managers when you agree to make an investment, or purchase or amend policies or mortgages.
Sharing data to comply with laws:
There may be scenarios where we are subject to a legal obligation to disclose or share your personal data, such as with law enforcement agencies, regulatory bodies (such as the Financial Conduct Authority) or public authorities in order to prevent or detect crime. We will only ever disclose your personal data to these third parties to the extent we are required to do so by law.
International Group data processing and Group structure:
Lighthouse Group shares various operations and business processes. We may share your personal data with any member of our Group to fulfil our contracted obligations to you, or because it is in our legitimate interests to do so. We may also share your personal data if the make-up of Lighthouse Group Plc changes in the future:
- We may choose to sell, transfer or merge parts of our business or our assets. Or we may seek to acquire other businesses or merge with them.
- During any such process, we may share your data with other parties. We will only do this if they agree to keep your data safe and private.
- If there is a change to our Group, then other parties may use your data in the same way as set out in this notice.
5. Transfers of your data outside of Europe
Product providers, lenders and investment managers may administer your policies, including any policies you already have with them, and provide other services from centres in countries outside the European Economic Area (the “EEA”) (such as India and the USA) that do not always have the same standard of data protection laws as the UK. However, they are required to put a contract in place that ensures that your information is adequately protected, and they will remain bound by their obligations under the relevant data protection law even when your personal information is processed outside the EEA.
If we do transfer information to investment or insurance companies outside the EEA, we will make sure that it is protected in the same way as if it was being used in the EEA. We will use one of these safeguards:
Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA.
Put in place a contract with the recipient that means they must protect it to the same standards as the EEA.
For data sent to the USA, transfer it only to organisations that are part of Privacy Shield. This is a framework that sets privacy standards for data sent between the US and EU. It makes sure those standards are similar to what is used within the EEA.
6. If you choose not to give personal data
We may need to collect personal information by law, or under the terms of a contract, we have with you. If you choose not to give us this personal information, it may delay or prevent us from meeting our obligations. It may also mean that we cannot perform services needed to run your accounts or policies. It could mean that we cancel a service you have with us.
Any data collection that is optional would be made clear at the point of collection.
7. The way we store your data
We keep records of all your transactions. You, or your appointed agent, have the right to inspect the records at a mutually convenient time. As we treat all our client records as confidential, we reserve the right to give you copies of your records if, in certain circumstances, releasing the original would compromise other clients’ confidentiality.Unless you tell us otherwise, when we arrange products for couples or joint parties we will assume that information can be passed freely between us and the parties involved with the contract.
8. Keeping your personal data safe
We take the security of your data very seriously and have implemented various strategies, controls and measures to protect the integrity and confidentiality of your data. We keep these measures under review, including by reference to broader industry standards.
9. How long we keep personal data
We will keep your data for as long as necessary, which would typically be for the whole of your life. We need this data to allow us, where agreed, to provide an on-going service and to allow us, if required, to undertake future reviews and fulfil our obligations to regulators.
10. Your rights and how to contact us
The law gives you a number of rights in relation to your personal data and our use of it. You have the right:
- to ask us not to use your personal data for direct marketing purposes;
- to ask to see what personal data we hold about you and to find out about the way that we process the data (and in some circumstances, you can ask us to provide a copy to a third party)
- to ask us to correct or update any personal data which is inaccurate;
- to ask for personal data to be deleted in some (but not all) circumstances where there is no good reason for us to continue to use it;
- to ask us to temporarily stop using your data if you don’t believe that we have a right to use it, or to stop us from using your personal data where there is no good reason for us to continue to use it; and
- not to be subject to decisions made solely on the basis of ‘automated processing’ (i.e. the right not to be subject to decisions made solely by algorithms or computers without input from a human) in certain circumstances.
11. How to complain
Please let us know if you are unhappy with how we have used your personal information. Please refer to the contact details for our Customer Liaison Team shown above.
You also have the right to complain about the use of your personal data to the Information Commissioner’s Office.Find out how on their website https://ico.org.uk/concerns/ or call their helpline on 0303 123 1113.